3D Secure 2: Five benefits of authentication - Part 1 of 2

Written by Mark Dobinson, Senior Product Manager, Worldpay, August 2019.

With the SCA(1) requirement of PSD2(2) quickly approaching, it’s easy to see why the world of payments is focused on authentication to meet the new regulations. It’s worthwhile, however, to take a step back and discuss the value of authentication even where it isn’t mandated.

Let’s first remind ourselves that 3D Secure is the primary mechanism for authenticating cardholders globally – but it can be viewed by merchants as adding friction to the shopper checkout experience. 

To address this pain point, EMVCo and the major credit card schemes introduced the next generation of 3D Secure, 3DS2: one frictionless flow, and a range of shopper-friendly authentication flows for cases where an authentication challenge is required.

Let’s discover five benefits of authentication with 3DS2. 

1 - More data for better risk assessments

3DS2 lets you, the merchant, send more data to issuers with each transaction. Issuers can use this data to make more informed assessments of transactions and determine whether the shopper is the legitimate cardholder. 

If an issuer is confident that the transaction presents a low risk, they can authenticate it without any further input from the shopper. This is commonly referred to as a frictionless flow, as the shopper journey is seamless. 

For higher risk transactions, issuers will choose a shopper-friendly way to authenticate the cardholder (e.g. biometrics), commonly referred to as a challenge flow.

The good news is that as the merchant, you already submit most of the data required to authenticate cardholders. In the background, Worldpay and other parties can now supplement this data to include:
User-added image
More data, better risk decisions… resulting in less fraud.

2 - Optimized shopper challenges

If an issuer deems a transaction to be high-risk, shoppers are presented with a challenge to prove they are the legitimate cardholder.
With 3DS1, shoppers had to remember characters from a static password, which was easily forgotten. This would often lead to cart abandonment.

With 3DS2, static passwords are being replaced with modern, shopper-friendly challenges. These are designed for cardholders to breeze through the challenge experience with minimal friction. 

Typically, shoppers will be presented with one of the following challenges:
  • Enhanced One Time Password (OTP)

With this challenge, issuers use the cardholder’s registered mobile device to send a one-time password. The shopper receives the text message, and enters the password to continue with their purchase. Many devices can automatically read these text messages and populate the password field, which further minimizes friction.

Note: For PSD2 payments, the EBA(3) recently announced that they will no longer recognize card details as a valid, independent ‘possession’ factor for SCA. This will have a direct impact on Enhanced OTPs, which issuers were planning to use widely as an SCA-compliant challenge method through 3DS1. This will no longer be possible with SMS OTP as it is currently designed. Issuers will have to update how OTP works on their systems, which may have further impacts on implementation timeframes.

This change to OTP should not directly affect your PSP integrations, or your readiness for SCA – it is for issuers to manage. However, for transactions outside of the PSD2 mandate, your shoppers will still be able to leverage the simplified experience described above.
  • Biometric

3DS2 was created with shopper-friendly challenges in mind, leveraging technology that is now prevalent with online shoppers.
Biometric challenges use smartphone capabilities to authenticate shoppers: fingerprint or facial ID readers, for example.

Note: Some schemes are mandating that issuers have the capability to support a biometric challenge by 2020. This will mean that biometrics could become one of the most prevalent and seamless authentication methods.
  • Out of Band

Out of Band will let shoppers use their online banking app to seamlessly authenticate their transaction. Shoppers will be directed to their mobile banking apps and log in as they already do. This will authenticate transactions.

Through the increasing use of biometrics to log in to mobile banking apps, shoppers will experience lower friction than what is seen with 3DS1 challenges today.
